
build(docker): update base image to fix CVE-2022-2068 #10810


Status: Merged (1 commit, Oct 25, 2022)

Conversation

@npepinpe (Member) commented Oct 25, 2022

Description

This PR updates the base image to the latest version, applying several security patches, but more importantly fixing the following CVE: CVE-2022-2068.

Related issues

closes #10800
closes #10372

Definition of Done

Not all items need to be done depending on the issue and the pull request.

Code changes:

  • The changes are backwards compatible with previous versions
  • If it fixes a bug then PRs are created to backport the fix to the last two minor versions. You can trigger a backport by assigning labels (e.g. backport stable/1.3) to the PR, in case that fails you need to create backports manually.

Testing:

  • There are unit/integration tests that verify all acceptance criteria of the issue
  • New tests are written to ensure backwards compatibility with further versions
  • The behavior is tested manually
  • The change has been verified by a QA run
  • The impact of the changes is verified by a benchmark

Documentation:

  • The documentation is updated (e.g. BPMN reference, configuration, examples, get-started guides, etc.)
  • New content is added to the release announcement
  • If the PR changes how BPMN processes are validated (e.g. support new BPMN element) then the Camunda modeling team should be informed to adjust the BPMN linting.

Please refer to our review guidelines.

@npepinpe (Member, Author) commented Oct 25, 2022

You can test this by running the following:

docker run --rm eclipse-temurin:17-jre-focal@sha256:e7fe469c4e729ff0ed6ff464f41eaff0e4cb9b6fe7efe71754d8935c8118eb87 dpkg -l openssl

This will print out the version of the installed OpenSSL package, which is 1.1.1f-1ubuntu2.16, which includes the fix for the CVE.

@npepinpe npepinpe requested a review from korthout October 25, 2022 08:15
@korthout (Member) left a comment:

Thanks for the quick turnaround @npepinpe 🚀

LGTM 💯

@korthout (Member) commented:

bors merge

@github-actions (Contributor) commented:

Test Results

  948 files (±0), 948 suites (±0), 1h 39m 41s (-17s)
  7 582 tests (+119): 7 575 passed (+119), 7 skipped (±0), 0 failed (±0)
  7 774 runs (+119): 7 765 passed (+119), 9 skipped (±0), 0 failed (±0)

Results for commit 6d32ce9. Comparison against base commit 7b819ac.

@ghost commented Oct 25, 2022

Build succeeded:

@ghost ghost merged commit 2f23794 into main Oct 25, 2022
@ghost ghost deleted the 10800-cve branch October 25, 2022 08:40
@backport-action (Collaborator) commented:

Successfully created backport PR #10811 for stable/8.1.

ghost pushed a commit that referenced this pull request Oct 25, 2022
10811: [Backport stable/8.1] build(docker): update base image to fix CVE-2022-2068 r=korthout a=backport-action

# Description
Backport of #10810 to `stable/8.1`.

relates to #10800

Co-authored-by: Nicolas Pepin-Perreault <nicolas.pepin-perreault@camunda.com>
@npepinpe npepinpe linked an issue Oct 25, 2022 that may be closed by this pull request
@korthout korthout added the version:8.1.3 Marks an issue as being completely or in parts released in 8.1.3 label Nov 1, 2022
Labels: version:8.1.3 (Marks an issue as being completely or in parts released in 8.1.3)

Linked issues this pull request may close:

  • Update 1.1.1f-1ubuntu2.13 to at least 1.1.1f-1ubuntu2.15
  • Update to the 17.0.5 JDK